<?xml version="1.0" encoding="ascii"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
          "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>esapi.reference.default_intrusion_detector.DefaultIntrusionDetector</title>
  <link rel="stylesheet" href="epydoc.css" type="text/css" />
  <script type="text/javascript" src="epydoc.js"></script>
</head>

<body bgcolor="white" text="black" link="blue" vlink="#204080"
      alink="#204080">
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="esapi-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

      <th class="navbar" width="100%"></th>
  </tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0">
  <tr valign="top">
    <td width="100%">
      <span class="breadcrumbs">
        <a href="esapi-module.html">Package&nbsp;esapi</a> ::
        <a href="esapi.reference-module.html">Package&nbsp;reference</a> ::
        <a href="esapi.reference.default_intrusion_detector-module.html">Module&nbsp;default_intrusion_detector</a> ::
        Class&nbsp;DefaultIntrusionDetector
      </span>
    </td>
    <td>
      <table cellpadding="0" cellspacing="0">
        <!-- hide/show private -->
        <tr><td align="right"><span class="options">[<a href="javascript:void(0);" class="privatelink"
    onclick="toggle_private();">hide&nbsp;private</a>]</span></td></tr>
        <tr><td align="right"><span class="options"
            >[<a href="frames.html" target="_top">frames</a
            >]&nbsp;|&nbsp;<a href="esapi.reference.default_intrusion_detector.DefaultIntrusionDetector-class.html"
            target="_top">no&nbsp;frames</a>]</span></td></tr>
      </table>
    </td>
  </tr>
</table>
<!-- ==================== CLASS DESCRIPTION ==================== -->
<h1 class="epydoc">Class DefaultIntrusionDetector</h1><p class="nomargin-top"><span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector">source&nbsp;code</a></span></p>
<pre class="base-tree">
                          object --+    
                                   |    
<a href="esapi.intrusion_detector.IntrusionDetector-class.html">intrusion_detector.IntrusionDetector</a> --+
                                       |
                                      <strong class="uidshort">DefaultIntrusionDetector</strong>
</pre>

<hr />
<p>Reference implementation of the IntrusionDetector interface. This 
  implementation monitors EnterpriseSecurityExceptions to see if any user 
  exceeds a configurable threshold in a configurable time period. For 
  example, it can monitor to see if ...</p>
  <ul>
    <li>
      A user exceeds 10 input validation issues in a 1 minute period
    </li>
    <li>
      There are more than 3 authentication problems in a 10 second period
    </li>
    <li>
      More complex monitorings, such as establishing a baseline of expected
      behavior and detecting deviations from the baseline.
    </li>
  </ul>
  <p>This implementation stores state in the user's session, so that it 
  will be properly cleaned up when the session is terminated. State is not 
  otherwise persisted, so attacks that span sessions will not be 
  detectable.</p>

<hr />
<div class="fields">      <p><strong>Author:</strong>
        Craig Younkins (craig.younkins@owasp.org)
      </p>
</div><!-- ==================== NESTED CLASSES ==================== -->
<a name="section-NestedClasses"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Nested Classes</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-NestedClasses"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
        <a href="esapi.reference.default_intrusion_detector.DefaultIntrusionDetector.Event-class.html" class="summary-name">Event</a>
    </td>
  </tr>
</table>
<!-- ==================== INSTANCE METHODS ==================== -->
<a name="section-InstanceMethods"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Instance Methods</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-InstanceMethods"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.default_intrusion_detector.DefaultIntrusionDetector-class.html#__init__" class="summary-sig-name">__init__</a>(<span class="summary-sig-arg">self</span>)</span><br />
      x.__init__(...) initializes x; see x.__class__.__doc__ for signature</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector.__init__">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.default_intrusion_detector.DefaultIntrusionDetector-class.html#add_exception" class="summary-sig-name">add_exception</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">exception</span>)</span><br />
      Adds the exception to the IntrusionDetector.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector.add_exception">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.default_intrusion_detector.DefaultIntrusionDetector-class.html#add_event" class="summary-sig-name">add_event</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">event_name</span>,
        <span class="summary-sig-arg">log_message</span>)</span><br />
      Adds the event to the IntrusionDetector.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector.add_event">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.default_intrusion_detector.DefaultIntrusionDetector-class.html#take_security_action" class="summary-sig-name">take_security_action</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">action</span>,
        <span class="summary-sig-arg">message</span>)</span><br />
      Take a specified security action.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector.take_security_action">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
<tr>
    <td width="15%" align="right" valign="top" class="summary">
      <span class="summary-type">&nbsp;</span>
    </td><td class="summary">
      <table width="100%" cellpadding="0" cellspacing="0" border="0">
        <tr>
          <td><span class="summary-sig"><a href="esapi.reference.default_intrusion_detector.DefaultIntrusionDetector-class.html#add_security_event" class="summary-sig-name">add_security_event</a>(<span class="summary-sig-arg">self</span>,
        <span class="summary-sig-arg">user</span>,
        <span class="summary-sig-arg">event_name</span>)</span><br />
      Adds a security event to the user.</td>
          <td align="right" valign="top">
            <span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector.add_security_event">source&nbsp;code</a></span>
            
          </td>
        </tr>
      </table>
      
    </td>
  </tr>
  <tr>
    <td colspan="2" class="summary">
    <p class="indent-wrapped-lines"><b>Inherited from <code>object</code></b>:
      <code>__delattr__</code>,
      <code>__format__</code>,
      <code>__getattribute__</code>,
      <code>__hash__</code>,
      <code>__new__</code>,
      <code>__reduce__</code>,
      <code>__reduce_ex__</code>,
      <code>__repr__</code>,
      <code>__setattr__</code>,
      <code>__sizeof__</code>,
      <code>__str__</code>,
      <code>__subclasshook__</code>
      </p>
    </td>
  </tr>
</table>
<!-- ==================== PROPERTIES ==================== -->
<a name="section-Properties"></a>
<table class="summary" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Properties</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-Properties"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
  <tr>
    <td colspan="2" class="summary">
    <p class="indent-wrapped-lines"><b>Inherited from <code>object</code></b>:
      <code>__class__</code>
      </p>
    </td>
  </tr>
</table>
<!-- ==================== METHOD DETAILS ==================== -->
<a name="section-MethodDetails"></a>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
  <td colspan="2" class="table-header">
    <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tr valign="top">
        <td align="left"><span class="table-header">Method Details</span></td>
        <td align="right" valign="top"
         ><span class="options">[<a href="#section-MethodDetails"
         class="privatelink" onclick="toggle_private();"
         >hide private</a>]</span></td>
      </tr>
    </table>
  </td>
</tr>
</table>
<a name="__init__"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">__init__</span>(<span class="sig-arg">self</span>)</span>
    <br /><em class="fname">(Constructor)</em>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector.__init__">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>x.__init__(...) initializes x; see x.__class__.__doc__ for 
  signature</p>
  <dl class="fields">
    <dt>Overrides:
        object.__init__
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="add_exception"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">add_exception</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">exception</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector.add_exception">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Adds the exception to the IntrusionDetector.</p>
  <p>The implementation should store the exception somewhere for the 
  current user in order to check if the user has reached the threshold for 
  any type of security exception. The user object is the recommended place 
  for storing these exceptions. If the user has reached any security 
  thresholds, an appropriate security action, such as locking the user 
  account, can be taken and logged.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>exception</code></strong> - the exception thrown</li>
    </ul></dd>
    <dt>Raises:</dt>
    <dd><ul class="nomargin-top">
        <li><code><strong class='fraise'><a href="esapi.exceptions.IntrusionException-class.html">IntrusionException</a></strong></code> - Indicates an intrusion</li>
    </ul></dd>
    <dt>Overrides:
        <a href="esapi.intrusion_detector.IntrusionDetector-class.html#add_exception">intrusion_detector.IntrusionDetector.add_exception</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="add_event"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">add_event</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">event_name</span>,
        <span class="sig-arg">log_message</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector.add_event">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Adds the event to the IntrusionDetector.</p>
  <p>The implementation should store the exception somewhere for the 
  current user in order to check if the user has reached the threshold for 
  any type of security exception. The user object is the recommended place 
  for storing these exceptions. If the user has reached any security 
  thresholds, an appropriate security action, such as locking the user 
  account, can be taken and logged.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>event_name</code></strong> - the event to add</li>
        <li><strong class="pname"><code>log_message</code></strong> - the message to log with the event</li>
    </ul></dd>
    <dt>Raises:</dt>
    <dd><ul class="nomargin-top">
        <li><code><strong class='fraise'><a href="esapi.exceptions.IntrusionException-class.html">IntrusionException</a></strong></code> - Indicates an intrusion</li>
    </ul></dd>
    <dt>Overrides:
        <a href="esapi.intrusion_detector.IntrusionDetector-class.html#add_event">intrusion_detector.IntrusionDetector.add_event</a>
        <dd><em class="note">(inherited documentation)</em></dd>
    </dt>
  </dl>
</td></tr></table>
</div>
<a name="take_security_action"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">take_security_action</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">action</span>,
        <span class="sig-arg">message</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector.take_security_action">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Take a specified security action. In this implementation, acceptable 
  actions are: log, disable, logout, and lock.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>action</code></strong> - the action to take. Ie &quot;log&quot;, &quot;disable&quot;, 
          &quot;logout&quot;</li>
        <li><strong class="pname"><code>message</code></strong> - the message to log if the action is &quot;log&quot;</li>
    </ul></dd>
  </dl>
</td></tr></table>
</div>
<a name="add_security_event"></a>
<div>
<table class="details" border="1" cellpadding="3"
       cellspacing="0" width="100%" bgcolor="white">
<tr><td>
  <table width="100%" cellpadding="0" cellspacing="0" border="0">
  <tr valign="top"><td>
  <h3 class="epydoc"><span class="sig"><span class="sig-name">add_security_event</span>(<span class="sig-arg">self</span>,
        <span class="sig-arg">user</span>,
        <span class="sig-arg">event_name</span>)</span>
  </h3>
  </td><td align="right" valign="top"
    ><span class="codelink"><a href="esapi.reference.default_intrusion_detector-pysrc.html#DefaultIntrusionDetector.add_security_event">source&nbsp;code</a></span>&nbsp;
    </td>
  </tr></table>
  
  <p>Adds a security event to the user. These events are used to check that
  the user has not reached the security thresholds set in the 
  SecurityConfiguration.</p>
  <dl class="fields">
    <dt>Parameters:</dt>
    <dd><ul class="nomargin-top">
        <li><strong class="pname"><code>user</code></strong> - the user tha caused the event</li>
        <li><strong class="pname"><code>event_name</code></strong> - the name of the event that occurred.</li>
    </ul></dd>
  </dl>
</td></tr></table>
</div>
<br />
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
       bgcolor="#a0c0ff" cellspacing="0">
  <tr valign="middle">
  <!-- Home link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="esapi-module.html">Home</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Tree link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="module-tree.html">Trees</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Index link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="identifier-index.html">Indices</a>&nbsp;&nbsp;&nbsp;</th>

  <!-- Help link -->
      <th>&nbsp;&nbsp;&nbsp;<a
        href="help.html">Help</a>&nbsp;&nbsp;&nbsp;</th>

      <th class="navbar" width="100%"></th>
  </tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%%">
  <tr>
    <td align="left" class="footer">
    Generated by Epydoc 3.0.1 on Sun Nov  8 16:04:21 2009
    </td>
    <td align="right" class="footer">
      <a target="mainFrame" href="http://epydoc.sourceforge.net"
        >http://epydoc.sourceforge.net</a>
    </td>
  </tr>
</table>

<script type="text/javascript">
  <!--
  // Private objects are initially displayed (because if
  // javascript is turned off then we want them to be
  // visible); but by default, we want to hide them.  So hide
  // them unless we have a cookie that says to show them.
  checkCookie();
  // -->
</script>
</body>
</html>
